from rest_framework.permissions import BasePermission


class DeletePermission(BasePermission):

    def has_permission(self, request, view):
        """
        1. pk:
        2. method:
        3. me
        4. admin
        :param request:
        :param view:
        :return:
        """
        if not view.kwargs['pk']:
            return True

        if request.method.lower() not in ['delete', 'put']:
            return True

        try:
            obj = view.queryset.get(pk=view.kwargs.get('pk'))
            token_user = request.user
            if obj.author == token_user:
                return True
            else:
                return request.user.is_superuser
        except:
            return False
